The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
Dnsmasq is designed to act as a DNS forwarder, DHCP server, and
TFTP server for small networks. You can use dnsmasq as an
alternative to configuring separate DHCP and TFTP services. For
more information about dnsmasq, see the
dnsmasq(8) manual page, /usr/share/doc/dnsmasq-version, and
http://www.thekelleys.org.uk/dnsmasq/doc.html.
To configure dnsmasq for PXE client installation requests:
Install the dnsmasq package.
# yum install dnsmasq
Edit /etc/dnsmasq.conf and configure entries for PXE clients and other systems on the network, for example:
interface=eth1
dhcp-range=10.0.0.101,10.0.0.200,6h
dhcp-host=80:00:27:c6:a1:16,10.0.0.253,svr1,infinite
dhcp-boot=pxelinux/pxelinux.0
enable-tftp
tftp-root=/var/lib/tftpboot
The lines in the sample configuration file do the following:
- interface=eth1
  Listen for incoming client requests on interface eth1 only.
- dhcp-range=10.0.0.101,10.0.0.200,6h
  Reserve a pool of generally available IP addresses in the range 10.0.0.101 through 10.0.0.200 on the 10.0.0/24 subnet with a six-hour lease.
  Note: A dhcp-range setting is required to enable the DHCP service provided by dnsmasq. If you want to configure static addresses but not an address pool, specify a static network address and the keywords static and infinite, for example:
  dhcp-range=10.0.0.253,static,infinite
- dhcp-host=80:00:27:c6:a1:16,10.0.0.253,svr1,infinite
  Reserve the IP address 10.0.0.253 with infinite lease time for svr1, which is identified by the MAC address 08:00:27:c6:a1:16.
- dhcp-boot=pxelinux/pxelinux.0
  Specify the location of the boot-loader file required by PXE clients. This example supports BIOS-based PXE clients. An entry that supports UEFI-based clients might take the following form:
  dhcp-boot=efi/BOOTX64.efi
  If you want to use a separate TFTP server instead of dnsmasq, specify its IP address after the boot-loader path, for example:
  dhcp-boot=pxelinux/pxelinux.0,10.0.0.11
- enable-tftp
  Enable the TFTP service provided by dnsmasq.
- tftp-root=/var/lib/tftpboot
  Specify the root directory for files served by TFTP. To prevent clients from accessing any file on the host, dnsmasq rejects requests that specify .. as a path element.
If you configure dnsmasq to provide the TFTP service:
Create the TFTP server directories, for example:
# mkdir -p /var/lib/tftpboot/pxelinux/pxelinux.cfg
Copy the installation kernel and ram-disk image files to the TFTP server directory hierarchy, for example:
# wget http://10.0.0.11/OSimage/OL6.6/isolinux/vmlinuz \
  -O /var/lib/tftpboot/pxelinux/vmlinuz
# wget http://10.0.0.11/OSimage/OL6.6/isolinux/initrd.img \
  -O /var/lib/tftpboot/pxelinux/initrd.img
This example uses HTTP to obtain the files from an installation server.
If you want to support BIOS-based PXE clients, install the syslinux package and copy the pxelinux.0 boot loader to the TFTP server directory hierarchy.
# yum install syslinux
# cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/pxelinux/pxelinux.0
If you want to support UEFI-based PXE clients, copy the BOOTX64.efi boot loader and splash image files to the TFTP server directory hierarchy, for example:
# wget http://10.0.0.11/OSimage/OL6.6/EFI/BOOT/BOOTX64.efi \
  -O /var/lib/tftpboot/efi/BOOTX64.efi
# wget http://10.0.0.11/OSimage/OL6.6/EFI/BOOT/splash.xpm.gz \
  -O /var/lib/tftpboot/efi/splash.xpm.gz
Create the default boot loader configuration file, for example efi/efidefault or pxelinux/pxelinux.cfg/default.
For more information, see Section 1.4.9, “About Boot-Loader Configuration Files”.
If SELinux is enabled in enforcing mode on your system, use the semanage command to define the default file type of the TFTP server directory hierarchy as tftpdir_t and then use the restorecon command to apply the file type to the entire directory hierarchy, for example:
# /usr/sbin/semanage fcontext -a -t tftpdir_t "/var/lib/tftpboot(/.*)?"
# /sbin/restorecon -R -v /var/lib/tftpboot
Note: The semanage and restorecon commands are provided by the policycoreutils-python and policycoreutils packages.
If you want dnsmasq to act as a caching-only name server, configure a name server entry for 127.0.0.1 that precedes other name server entries.
Dnsmasq ignores the 127.0.0.1 entry and forwards DNS queries to the other listed name servers. If the NetworkManager service is enabled, you can configure name service entries by using the graphical applet, the nm-connection-editor utility, or the system-config-network utility. Otherwise, you can configure name server entries directly in /etc/resolv.conf, for example:
nameserver 127.0.0.1
nameserver 10.0.0.8
nameserver 10.0.0.4
Start the dnsmasq service, and configure it to start after a reboot.
# service dnsmasq start
# chkconfig dnsmasq on
If you make any changes to /etc/dnsmasq.conf, restart the dnsmasq service. You do not need to restart the service if you change the content of boot loader configuration files.
Configure the firewall:
Allow access by DHCP requests, for example:
# iptables -I INPUT -i eth1 -p udp --dport 67:68 --sport 67:68 -j ACCEPT
In this example, the server expects to receive requests on interface eth1.
If you enable the TFTP service in dnsmasq, allow access by TFTP requests:
# iptables -I INPUT -i eth1 -p udp --dport 69 -j ACCEPT
If you want dnsmasq to act as a caching-only name server, allow access by DNS requests:
# iptables -I INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
# iptables -I INPUT -i eth1 -p udp -m udp --dport 53 -j ACCEPT
Save the configuration:
# service iptables save
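A check for the finished setup, added here as an example (it is not Oracle's or dnsmasq's code): it reads dnsmasq.conf and saved `iptables -S INPUT` output, and reports DHCP or TFTP rules that are not bound to the interface named in interface=, a TFTP port left open while enable-tftp is off, and a dhcp-boot file that the dnsmasq TFTP service cannot serve. The names audit_pxe, conf_get and demo, the finding texts and the sample rule set are assumptions made for the example, and dhcp-boot is assumed to carry no tag: prefix.

```sh
#!/bin/sh
# Added example (not Oracle's or dnsmasq's code). Usage: audit_pxe CONF RULES
# where RULES is a file holding the output of `iptables -S INPUT`.

# Print the value of the last "KEY=value" line in CONF.
conf_get() { sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1; }

# Print one finding per line; return 1 if there is any finding, else 0.
audit_pxe() {
    conf=$1; rules=$2
    iface=$(conf_get "$conf" interface)
    root=$(conf_get "$conf" tftp-root)
    boot=$(conf_get "$conf" dhcp-boot)
    tftp=no; grep -q '^[[:space:]]*enable-tftp' "$conf" && tftp=yes
    out=$(
        [ -n "$iface" ] || echo "interface: not set, dnsmasq listens on every interface"
        if [ "$tftp" = yes ]; then
            [ -n "$root" ] || echo "tftp-root: not set although enable-tftp is"
            case "$boot" in
                ('') echo "dhcp-boot: not set" ;;
                (*,*) ;;  # second field: file is served by a separate TFTP server
                (..|../*|*/../*|*/..) echo "dhcp-boot: '..' path element is rejected" ;;
                (*) [ -f "$root/$boot" ] || echo "dhcp-boot: $root/$boot not found" ;;
            esac
        fi
        # ACCEPT rules for DHCP (67:68) and TFTP (69) must be bound to $iface.
        grep -E -- '--dport (67:68|69) .*-j ACCEPT' "$rules" | while read -r rule; do
            case " $rule " in
                (*" -i $iface "*) ;;
                (*) echo "firewall: not limited to ${iface:-one interface}: $rule" ;;
            esac
            case "$tftp:$rule" in
                (no:*"--dport 69 "*) echo "firewall: UDP 69 open but enable-tftp is off" ;;
            esac
        done
    )
    [ -z "$out" ] || { printf '%s\n' "$out"; return 1; }
}

# Constructed sample: this page's settings, plus a TFTP rule that lacks "-i eth1".
demo() {
    d=$(mktemp -d) && mkdir -p "$d/tftpboot/pxelinux" || return 2
    : > "$d/tftpboot/pxelinux/pxelinux.0"
    printf '%s\n' interface=eth1 dhcp-boot=pxelinux/pxelinux.0 enable-tftp \
        "tftp-root=$d/tftpboot" > "$d/dnsmasq.conf"
    printf '%s\n' '-A INPUT -i eth1 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT' \
        '-A INPUT -p udp -m udp --dport 69 -j ACCEPT' > "$d/rules"
    rc=0; audit_pxe "$d/dnsmasq.conf" "$d/rules" || rc=1
    rm -rf "$d"; return "$rc"
}
demo || true
```

On a configured server, save the rule listing with `iptables -S INPUT > /tmp/rules` as root and run `audit_pxe /etc/dnsmasq.conf /tmp/rules`.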
For information about configuring and using kickstart to perform automated installation, see Chapter 3, Installing Oracle Linux by Using Kickstart.